Polish electoral calculator

Contribute to Kalkulator1 development by creating an account on GitHub.

Basically someone decompiled the byte code of the software used in Polish elections. This is after the system failed yesterday for over a day.

Background: Poland wanted a fancy electronic system for reporting votes, attendance, etc. because killing trees is bad. They put out an RFP in July 2014, selected a winner in August 2014. The winner had 3 months to build it. And it's 3 months later and they tried to use it!

1. Calculator module for handling electoral district electoral commission in the local elections,
2. Control module trailing protocols of voting results in the circuit,
3. Module adoption of electronic data with the protocols of voting results in the circuit sent by the converter module election
4. The handler electoral authority (the territorial election commission, election commissioner and the National Electoral Commission) in the properties of the body,
5. Module determining voting results and election results,
6. Software for management of the IT service choices based on LDAP database made available by the Employer,
7. Software service public key infrastructure to issue and share certificates
8. Data collection system of electoral committees, lists of candidates and the candidates and districts, counties and warehouses committee of sites made available by the Employer,
9. Implementation of export data, providing data transfer of election committees, lists of candidates and candidates voting districts, constituencies and voting results, performance division of seats in the archive (implemented as a relational database)
10. Execution of the handler entry, receive data on the number of voters who took part in the vote during the voting, transfer of supervision, control accuracy,
11. Conducting training of users of the ordered software
12. Administering the IT infrastructure in the premises of the Employer and the external processing center.

Problems mentioned by others:

PDB files were distributed with the application; the source code now being accessible is a no duh.

It uses plain text to transmit election results, and uses HTTP as a fallback for HTTPS not working (LOL).

Contribute to Kalkulator1 development by creating an account on GitHub.

The file doesn't even fit on screen in GitHub.

Also:

According to the rough analysis of the executable and the application workflow one can only assume that the task of creating the Election Calculator has been given to a single student, probably working for an external contractor. Ms. Agnieszka, we're with you!

Poland is a country where the fate of thousands of electoral commission members rests with a beginner programmer.

It was the ONLY bidder. No other company was desperate enough to accept such ridiculous requirements.

Indeed it was; but for the wrong reasons. You see, when the criteria are 49% "price" and 51% "idea", it's an obvious sign that the bid is rigged towards a particular company (since no matter what price you offer, they can still zero your score on the "idea" part).

When the Dead do walk seek water's run, for this the Dead will always shun. Swift river's best or broadest lake, to ward the Dead and haven make. If water fails thee, fire's thy friend, if neither guards it will be thy end.

Ladies and gentleladies*! I present to you our newest TDWTF hero! He's so badass that not even death could stop him! His trusty katana shall strike down the unworthy and his ravening appetite shall keep him ever vigilant....

It is my great pleasure to present to you.......

ZOMBIE HANZO!

* and the guys too i guess... maybe

At least one person on the forum thinks that anyone who decompiles code before the heat death of the universe should be strung up by their entrails.

Interestingly, there are two opposite factions that share this same thought. One is IP protectors, who want to milk the cow named Michael Jackson until the end of the world, etc., and so they consider decompiling source the worst crime ever, worse than serial murder and on par with torrenting. The other is anarchocommunists who think no one should decompile binaries because the original source code should be available free of charge in the first place.

Such an explanation makes sense in the case of a website getting hacked. But it doesn't explain invalid votes.

Just to clear it up: an invalid vote is when a member of the local commission (who gets the votes out of the urn, counts them and enters them into the system) spots a voting card that has either no candidate marked or more than one candidate marked. In some districts, the invalid votes percentage is as high as 10-20%. I seriously doubt 20% of voters are so stupid they can't even mark one and only one candidate.

Are you sure? Because this app has plenty of places where it will submit blank results. One example I included above as well: when it fails input validation (i.e. an exception occurs), it submits the record anyway to whatever server.
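The two behaviours reported in this thread (a record being sent even though validation threw, and HTTP used as a fallback when HTTPS fails), sketched beside a fail-closed version. This is an added illustration, not code from Kalkulator1 or from any poster; the record fields, the validation rules, the `send` callback and the `results.example` URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

class ValidationError(Exception):
    """Raised when a results record fails a consistency check."""

def validate_protocol(p):
    # Constructed rules for illustration: counts are non-negative ints and add up.
    for key in ("cards_issued", "valid_votes", "invalid_votes"):
        if not isinstance(p.get(key), int) or p[key] < 0:
            raise ValidationError(f"{key} missing or not a non-negative integer")
    if p["valid_votes"] + p["invalid_votes"] > p["cards_issued"]:
        raise ValidationError("more ballots counted than cards issued")
    if sum(p.get("candidates", {}).values()) != p["valid_votes"]:
        raise ValidationError("candidate totals do not equal valid votes")

def submit_flawed(p, endpoints, send):
    """Fail-open: validation errors are swallowed, any URL scheme is accepted."""
    try:
        validate_protocol(p)
    except Exception:
        pass  # the record is sent even though it failed validation
    for url in endpoints:  # https first, then the http fallback
        if send(url, p):
            return url

def submit_hardened(p, endpoints, send):
    """Fail-closed: invalid records never leave, and there is no downgrade."""
    validate_protocol(p)  # raises before anything is transmitted
    for url in endpoints:
        if urlsplit(url).scheme != "https":
            continue  # skip plaintext endpoints entirely
        if send(url, p):
            return url
    raise ConnectionError("no HTTPS endpoint reachable; keep the record and retry")

def demo():
    """Constructed scenario: HTTPS is down, HTTP answers, the record is blank."""
    sent = []
    def send(url, p):  # stand-in transport, no network access
        if url.startswith("http://"):
            sent.append(url)
        return url.startswith("http://")
    endpoints = ["https://results.example/submit", "http://results.example/submit"]
    submit_flawed({}, endpoints, send)
    try:
        submit_hardened({}, endpoints, send)
    except ValidationError:
        pass
    return sent  # only the flawed path transmitted anything
```

In the constructed scenario the fail-open path delivers a blank record over plaintext HTTP, which on the receiving side is indistinguishable from a deliberately empty result; the fail-closed path sends nothing and surfaces the error to the operator.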

Actually, a computer system for elections has been in use for over 10 years (if I remember correctly, I worked with it during every election from the start). The current utter shit system is the third one in use. The first one was shit too, but it was used only once or twice. The second system, used for some 8 or 9 years, was very good - stable, fast, ergonomic, intuitive, etc. (didn't see its source code though).

So why did they order a new system from an unknown shitty company if they had a proven solution in use? From what I heard (source in the know, but information by no means official), the creator of the second system wanted 'too much' for its support, someone from the Election Committee got angry and decided 'screw them, we'll get a new one'.